Traceability
Overview
Traceability tags allow users to locate the runtime resources that were created from a specific IaC resource, detect drift from IaC templates, and trace the differences between cloud and code. To perform Drift Detection, each resource must be uniquely tagged. Resources can be tagged manually, automatically (using Yor), or by using the Bridgecrew tagging bot (via Yor).
How to Enable Traceability
From Resource Inventory, select Manage Tags.
The Tag Rule list appears.
The first entry, yor_trace, represents Bridgecrew's out-of-the-box Traceability tagging. Toggle Enabled/Disabled in the Status column to enable or disable Traceability.
Viewing tags within Resources
To view all resources, select Resource Inventory, then select all resources.
To view untagged resources, select Resources without Tags.
To view details of a resource, select the resource. A pop-up window appears with the details, including the tags.
This example shows a total of 9 different tags, including the yor_trace tag.
The yor_trace tag is a unique identifier indicating the git commit in combination with the specific IaC resource. It has initial support for Terraform, CloudFormation, and Serverless. Yor adds tags to IaC configurations that carry over to running cloud resource tags. For more details on Yor, see here.
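One way to check the uniqueness requirement from the Overview before deployment, as an added example that is not Bridgecrew's or Yor's own code: it walks the JSON produced by `terraform show -json` and reports taggable resources that lack a yor_trace tag or share a value with another resource. The sample plan, resource addresses and tag values are constructed, and the check assumes tags live in an AWS-style `tags` attribute.

```python
import json
from collections import defaultdict

TRACE_TAG = "yor_trace"

# Constructed sample in the layout of `terraform show -json <planfile>` (trimmed).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {"root_module": {
    "resources": [
      {"address": "aws_s3_bucket.logs", "values": {"tags": {"yor_trace": "11111111-aaaa-4bbb-8ccc-000000000001"}}},
      {"address": "aws_s3_bucket.data", "values": {"tags": {"env": "prod"}}},
      {"address": "aws_iam_role_policy.p", "values": {"name": "p"}}
    ],
    "child_modules": [{"resources": [
      {"address": "module.net.aws_vpc.main", "values": {"tags": {"yor_trace": "11111111-aaaa-4bbb-8ccc-000000000001"}}},
      {"address": "module.net.aws_subnet.a", "values": {"tags": null}}
    ]}]
  }}
}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_trace_tags(plan):
    """Return (untagged addresses, {trace value: [addresses]} for reused values)."""
    untagged, seen = [], defaultdict(list)
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        values = res.get("values") or {}
        if "tags" not in values:  # assumption: no tags attribute means not taggable
            continue
        trace = (values["tags"] or {}).get(TRACE_TAG)
        if trace:
            seen[trace].append(res["address"])
        else:
            untagged.append(res["address"])
    duplicates = {t: a for t, a in seen.items() if len(a) > 1}
    return sorted(untagged), duplicates

if __name__ == "__main__":
    untagged, duplicates = audit_trace_tags(SAMPLE_PLAN)
    print("missing yor_trace:", untagged)
    print("reused yor_trace:", duplicates)
```

A reused value typically comes from copy-pasting an already tagged resource block, which makes two runtime resources trace back to the same IaC resource.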
Updated about 2 years ago